The program exists. Each and every company lied. They may have been Bill Clinton-esque, "legally accurate" lies, but make no mistake: they intentionally lied.
Neither of these refutes the PRISM denials. One is about the Verizon court order story, which (while thematically related) is not directly relevant, the other seems intended to be refer to the PRISM stories in the Post and Guardian, but seems to be an attempt to characterize the program referred to in the story as being radically different than either what the story describes or what the providers have denied, so it cannot be a refutation of the denials.
I did; one refers explicity to the Guardian article on the Verizon wireless FISA order, the other refers to supposed Guardian and Washington Post articles referring to data collection under Section 702 of FISA, and accuses the articles of misrepresenting basically everything about that collection. Neither the Post nor the Guardian article abouut PRISM actually says anything about data collection under Section 702 of FISA, and, even if it did, the DNI press release claims everything substantive about the article is wrong, and doesn't in any way refute the denials by the providers (which deny peripheral elements of the story and aren't, actually -- as I address in other posts in the thread -- actually denials of the substance of the stories, anyway.)
This is pretty simple: if they got to AT&T and Verizon, it's crazy to think they wouldn't get Google / Microsoft / Facebook / Apple.
Apple has recently been the world's largest company, and has nearly half the US smart phone market.
Microsoft still has a practical monopoly in desktop operating systems (and combined with Apple they cover 98% or so of the market). Also, Microsoft was already leashed by the Feds via anti-trust. Once you're under their heel, there's no going back.
Google, well, comeon... they're a data wet dream. Ditto Facebook. One has a near monopoly in search, and develops the most popular mobile operating system (reaching almost a billion users), the other has a monopoly in social (particularly the kind of social where Joe Smith uses it every day).
For all intents and purposes, once a company gets as big as these guys, they become government/corporate entities, no longer strictly corporate in nature. Much like Boeing or Bank of America or GE or Exxon. The intermingling is impossible to avoid at their size. And in fact, the Feds would never allow you to remain very distant at such size, too many lobbyists and too much money and power is in play.
And while we're at it, let's remember the close ties to the Obama Administration that some of these companies enjoy. Hardly far-fetched to imagine them cooperating with continuously expanding espionage programs, particularly even more so when they like the administration in power (I would say it's plausible even that companies would be less likely to fight if they thought highly of an administration; personal political bias clouding judgment, how many have fallen for the Obama campaign charm?).
These are all denials of things around the periphery of the PRISM issue like inferred details of the mechanisms by which the data is gathered, and none of them are denials of the core of what supposedly is happening under PRISM in terms of the scope of user data that has been collected by the NSA.
If you look at the "denials", they all only deny one or more of the following things:
1. That the government has direct access to the providers systems,
2. That customer information is provided to the government outside of what the provider believes is legally required,
3. That customer information is turned over to the government without a court order.
Lets start with the "direct access" piece, because this appears to be a common inference as to how the broad scope of information at issue is provided to the government, but the "direct access" characterization seems to be at odds with the slide titled "PRISM Collection Details" in the presentation that is the source of the accusations. That slide strongly suggests that there is a distinct collection of data that is available for NSA users, varying in content by provider.
The idea that it is a "voluntary program" or one outside of a process dependent on court orders isn't inconsistent with anything that has been made public from the source documents, but it doesn't seem to be demanded by them, either. What is clear from the documents (assuming their authenticity and accuracy) and the direct characterizations of them (rather than what are clearly inferences and not direct characterizations) provided in the coverage is that different providers were brought into the program at different times, and that the program involves some form of "cooperation" by the providers -- but none of that implies that it is voluntary or doesn't involve court orders of some kind (perhaps, specifically, FISA warrants)-- and that from each provider the collection of data is limited to a provider-specific list of particular kinds of data, and that the data is provided to the NSA directly from the companies servers (but the "direct access" rather than direct provision thing appears to be an inference from the direct provision, rather than itself a direct characterization.)
In fact, the recently revealed broad Verizon FISA warrant suggests exactly how this could have been achieved with FISA warrants -- instead of being dates on which a negotiated agreement was reached with each provider, the dates the providers are listed as being brought into the program could be the dates on which a broad FISA warrant (similar to the Verizon one, but specifying different data) was issued mandating collection of specified data from the specified provider. The providers could then honestly deny participation in a voluntary program, or providing direct access to their servers, or providing customer information without a court order -- they could even honestly not know that the FISA warrant they were served was part of a broader program directed at wide range of providers. Such a warrant could specify directly (or make timeliness requirements that make this the only way to comply) that the data be provided by being fed to the NSA from the companies servers, without providing the NSA access to the servers.
IOW, everyword of the denials could be literally true, with the substance of the story -- that the NSA is being fed the vast array of customer data described in the stories about PRISM and can access data from that collection freely at will -- being true at the same time, the only things that are in conflict between the story and the denials are peripheral inferences and implications about the mechanism that appear in the story (such as "direct access" or the absence of court orders or other compulsory process.)
To me the presence or absence of court orders is absolutely a substantive distinction, as is the question of whether information is requested for only a limited subset of customers or for all (or a significant fraction of) customers.
> To me the presence or absence of court orders is absolutely a substantive distinction
Its perhaps a substantive distinction in terms of the culpability of the providers, but its not (IMO) a substantive distinction in terms of the abuse of surveillance by the government if the scope of information collected is as broad as described in the story. PRISM is just as bad if it is done via broad FISA court orders of the type of the Verizon order as if it is done without a court order.
> as is the question of whether information is requested for only a limited subset of customers or for all (or a significant fraction of) customers.
While the providers have denied providing information as part of a "voluntary program" or "without court orders", none have addressed the scope or breadth of information, so, while that may be an important distinction, its not one that is addressed by the denials at all.
So the Washington Post "leak" was disinformation to distract everyone from the Verizon phone records story?
Karl Rove was alleged to have done something similar during one of Bush's campaigns: Leak a false version of a true story (I believe it was his draft avoidance, but I can't remember ...) and then provide documentation which discredits the inaccurate version, so no publication was willing to cover the story later, regardless of facts.
1. "You'll notice that we're reporting numerical ranges rather than exact numbers. This is to address concerns raised by the FBI, Justice Department and other agencies that releasing exact numbers might reveal information about investigations." -- http://googlepublicpolicy.blogspot.com/2013/03/transparency-...
No, because the NSA directly collecting the information under PRISM doesn't mean that the FBI won't also be issuing NSLs, under more specific justification, for information that the NSA already happens to have.
Just because the NSA has it doesn't mean the FBI has access to it.
Still doesn't seem very transparent. It's kind of like saying that I didn't drink any alcohol today, but I might be doing an undisclosed amount of drinking with my friend Ned. Kind of defeats the purpose.
So you'd be more likely to believe them if they were verbose? Most of them are fairly direct denials. That's not to say that they're necessarily true, but they don't seem like especially weasely statements.
I'd be more likely to believe that the substance of the story wasn't true if they denied the substance (the scope of information provided), rather than peripheral inferences made in the story about the procedure and mechanics by which the information gets to the NSA.
Given the actual denials, I will assume that, at a minimum, everything about the story that they didn't deny -- that is, the scope of the customer data which has been provided by those providers to the NSA -- is implicitly confirmed, and that the (mostly irrelevant) details they have denied are in doubt.
What's wrong with the media in the U.S. is that they let these finely parsed denials stand, reporting them verbatim or worse summarizing as "the companies deny it".
We need press that is capable of communicating the grey areas as you did in your top comment here, ideally in a way the masses can grok.
If you’re forced to lie you only say what you’re obliged to say. Normally when companies face PR crises they release full page press releases full of fluffy assurances and marketing speak.
Everybody is reading way too much into this. They were all issued "gag orders" which say "You will never disclose in any such way the existence of this operation". These orders also specify "If this operation is ever leaked into to public awareness you will outright deny knowledge and participation of said operation".
"Direct access" is the specific accusation that has been leveled at them. For example, the Guardian is using the headline "NSA has direct access to tech giants' systems for user data, secret files reveal" on their front page, and the phrase "direct access" is used three times in their story. [1]
I think that everybody assumes that they already comply with court orders for information from individual accounts. The direct access is what is new and shocking.
Yes but there are plausible ways to deny "direct access" that do not inconvenience the USG. They just need something they can point to to defend this statement, they don't actually have to have any meaningful obstruction.
It is interesting is that Facebook, Apple, and Yahoo used the term "direct access".
But what is more interesting is that Microsoft claims "If the government has a broader voluntary national security program to gather customer data we don’t participate in it".
Does it mean that participation is not required as in a more sophisticated 641?
That's not my reading - the previous two sentences discuss their compulsory responses to legally binding orders and subpoenas, and claim that such responses only ever relate to specific accounts.
No, there's really nothing suspicious about the almost instant complete mass denial.
It sometimes takes months for these companies to come up with a full public statement on any privacy scandal. The process of getting hold of the people with enough clearance to be able to deny alone takes time. Let alone ensure that the statement is approved by senior management and legal.
Usually the best statement you can get within 24 hours is "we're taking these allegations very seriously and are looking into it".
This very much feels like a scripted response to an anticipated scenario.
> No, there's really nothing suspicious about the almost instant complete mass denial.
True, because there was no "complete mass denial". There were very focussed, specific denials from different providers of certain procedural and mechanical claims (that they provided customer information as part of a "voluntary program" or without court orders or that they provided government officials direct access to the providers servers to access customer information), but no denials of the central allegation, that each of the providers has been providing the government with a collection of information for their entire customer base and that that information gets pushed into the government collection directly from the providers servers.
http://www.dni.gov/index.php/newsroom/press-releases/191-pre...
http://www.dni.gov/index.php/newsroom/press-releases/191-pre...
The program exists. Each and every company lied. They may have been Bill Clinton-esque, "legally accurate" lies, but make no mistake: they intentionally lied.